Author
Topic: How necessary is a software firewall? (Read 4263 times)

I've been wondering lately about how important a software firewall is. Many years ago, I used to use ZoneAlarm, but it got too bulky and bloated, so I stopped. Then I tried a few others, mainly Outpost, but I found that i grew tired of all the configuration, where it keeps asking me to accept/deny connections, etc. So I quit that also, and since then I don't use a software firewall anymore. Am I at big risk here, or is it not such a big deal.

For general computer practice, I am pretty safe. I have good virus protection, I borwse the web responsibly (with ad blockers and good sense of what not to click on), I am a respnsible email user (I have never had a problem with spam). I have a wifi linksys wrtg-something and it has a firewall in it. I always heard that these hardware firewalls are better than software anyway.

SO, how secure am I? I don't think I've ever had any problems with security, but maybe there's some things happening in the background that I don't know about. Packet-sniffing, what not, I don't know what that means anyway.

I see the same things being written about not needing a software firewall if you use a router. I'm not very knowledgeable in this area, so it'll be interesting to see what others have to say.

Out of curiosity, I did the port scan test at Steve Gibson's site ( www.grc.com ), both with and without ZoneAlarm running. The results were identical - all ports stealthed except for 113 (a special case).

How about programs on your computer "phoning home" without your knowledge. I don't think the routers prevent that, do they?

my own view is that if you keep your operating system up to date there is probably not that much INCOMING protection that you need. but a software firewall can offer a good first line of defense from programs that connect out when you don't expect them to.

if you install a truly evil program, the outgoing blocking of a firewall isn't going to help you much, but for most cases a firewall gives you a good first warning that you're dealing with software that is trying to connect out to the internet unexpectedly, or in ways you didn't expect.

if you are someone who likes to know what programs on your computer are doing, then a firewall is a great information tool, just to let you know who is connecting out or in.

if you are annoyed by programs popping up asking permission, most software firewalls now have an auto-configure mode which will create rules for your automatically for well known programs.

Once an application/virus/trojan/spyware or anything else is actually on your system then without a software firewall it can send anything it likes out of your system if you don't have a software firewall. That could be your credit card details or any other personal data stored on your system, plus it could use your own email client to spam other people. You may notice an increase in outgoing data but if malware is cunning enough it won't hog your internet connection enough for you to notice.

I am in the same situation (firewalled router hiding me from the outside world) but I always run a firewall that blocks outgoing traffic unless I authorise it, and logs packets that are arriving and being sent so that if something does get through I should know about it!

By the way - if your system is compromised by someone hijacking it to send out spam or porn then in some countries you are liable for that and you can be prosecuted! I think reasonable security attempts could be used to argue you did all that was possible to prevent it - no security could be seen as irresponsible behviour and make you liable. (I'm not a lawyer though!)

Ok thanks, I guess I will give outpost another try, since it is the DC gold star winner! But I remember before that it kept pestering me with connection permissions and it would never remember them, and kept repeating the same requests, and it pissed me off. And I didn't understand all the rules and settings in the configuration, and I didn't want to spend time learning it, so i just installed it out of impatience. But maybe I need it now since I do more things on my computer these days.

carol points out something else very important that i overlooked.a key thing that a good firewall (like agnitum outpost) can do is keep detailed logs of outgoing and incoming communication, which can really help when trying to figure out the cause of a problem, or the identify the source of some trouble.

it's all fine and well to be protected, but sometimes there is a great value in being able to see when something fishy is happening and be able to track down the source, if only to reassure yourself that it's harmless.

I just like the [sense of] privacy from my ZoneAlarm--that a program has to go through me to get access to the outside. Most of the time, I'm not so sure that I want things to have access, so they are blocked.

Another configuration option I like in ZoneAlarm is the ability to "kill" processes. That is, whenever an .exe is found running, it is immediately stopped. I haven't used this in a while, but I recall that it was quite useful when I did.